May 16, 2017 - 5:18pm
Indian banks and ATMs supposedly running on systems less sophisticated than what is used by their global peers remained unaffected by the ransomware WannaCry, which has shuttered or slowed many operations across the world.
None of the major banks, or the Reserve Bank of India, reported anything amiss in the Indian financial system. There was speculation that one or two small banks in South India may have been affected and that the magnitude of the damage may not be much, said two people familiar with the matter.
"We are closely monitoring the situation and have instructed the local IT teams of our bank to keep a watch on the systems in branches," said a banker with the nation's biggest lender, State Bank of India. "In some cases, the malware comes from external devices interacting with the banking networks. We are keeping that under check too."
The Indian financial system's claim that it has been largely unacffected by a cyber attack that has hit thousands of establishments across the globe has raised eyebrows. Indian banks are notorious for under-reporting cyber crimes and this has even attracted the regulator's criticism.
"Another area of concern is the patch management. OEMs (original equipment manufacturers) release patches after known vulnerabilities are escalated to them and if the patches are not rolled out in time, we are practically leaving the door open for exploitation," said Reserve Bank of India deputy governor SS Mundra during a speech in September last year on 'Information Technology and Cyber Risk in Banking Sector'.
Banks in general have issued internal advisories listing out the dos and don'ts for employees and asking them to keep away from suspicious links.
"The biggest requirement for financial institutions at such moments is isolation of the affected device from the mainframe, thereby preventing such viruses from spreading across the network," said the person quoted above.